First published: Fri Aug 06 2021
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric R08sfcpu Firmware | | |
Mitsubishielectric R08sfcpu | | |
Mitsubishielectric R16sfcpu Firmware | | |
Mitsubishielectric R16sfcpu | | |
Mitsubishielectric R32sfcpu Firmware | | |
Mitsubishielectric R32sfcpu | | |
Mitsubishielectric R120sfcpu Firmware | | |
Mitsubishielectric R120sfcpu | | |
Mitsubishielectric R08psfcpu Firmware | | |
Mitsubishielectric R08psfcpu | | |
Mitsubishielectric R16psfcpu Firmware | | |
Mitsubishielectric R16psfcpu | | |
Mitsubishielectric R32psfcpu Firmware | | |
Mitsubishielectric R32psfcpu | | |
Mitsubishielectric R120psfcpu Firmware | | |
Mitsubishielectric R120psfcpu | | |
The severity of CVE-2021-20594 is high with a CVSS score of 7.5.
CVE-2021-20594 is a vulnerability that allows unauthorized actors to access sensitive information in certain firmware versions of Mitsubishi Electric MELSEC iQ-R series Safety CPU modules and SIL2 Process CPU modules.
CVE-2021-20594 affects Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior, as well as Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions.
Mitsubishi Electric has released a firmware update to address the vulnerability. Users are advised to update to the latest available firmware version.
More information about CVE-2021-20594 can be found on the official Mitsubishi Electric PSIRT webpage, as well as the JVN and CISA websites.